Aspects are generally directed to network security systems and methods of monitoring network activity. In one example, a network security system includes and interface to receive a Hypertext Transfer Protocol (HTTP) network log that includes a matrix of data, a feature extraction component configured to extract a connectivity matrix from the HTTP network log based on a recurring pattern within the matrix of data, and a training module configured to provide deep learning architecture training data based on the connectivity matrix. The system may include a deep learning architecture configured to receive and propagate the training data through one or more layers thereof to train the one or more layers, and being configured to generate a general data representation of the HTTP network log. The system may include a behavior analytics component to detect a discordant network activity within the HTTP network log based on the general data representation.